AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Claims 1 - 46. (Canceled) 

47. (New) A tamper-resistant electronic circuit for implementation in a device, said 
tamper-resistant electronic circuit comprising: 

means for tamper-resistantly storing a secret not accessible over 
an external circuit interface; 

means for performing cryptographic processing at least partly in 
response to said stored secret to generate an instance of device-specific security data 
internally confined within said electronic circuit during usage of said device; and 

means for performing a security-related operation in response to 
said internally confined device-specific security data. 

48. (New) The electronic circuit according to claim 47, wherein said device is a 
network device and said operation is related to at least one of data confidentiality, data 
integrity, authentication, authorization and non-repudiation in network communication. 

49. (New) The electronic circuit according to claim 47, wherein said device is 
configured for producing digital content and said security-related operation is 
configured for marking said digital content based on said device-specific security data. 

50. (New) The electronic circuit according to claim 49, wherein said operation is 
configured for generating a device-specific fingerprint embedded into said digital 
content. 

51. (New) The electronic circuit according to claim 47, wherein said means for 
performing cryptographic processing is configured for generating said device-specific 
security data provided that additional input data in the form of predetermined trigger 
data is applied over an external circuit interface during usage of said device, wherein 
said trigger data is defined during configuration of said device. 

52. (New) The electronic circuit according to claim 51, wherein said trigger data is 
defined based on configurational device-specific security data provided during 
configuration of the device, and said electronic circuit further comprises: 

means for generating, based on said stored secret and said 
configurational device-specific security data, said trigger data as a cryptographic 
representation of said configurational device-specific security data during configuration 
of said device; 

means for outputting said cryptographic representation over an 
external circuit interface during configuration; and 

means for internally re-generating said device-specific security 
data during usage of said device provided that said additional input corresponds to 
said cryptographic representation. 

53. (New) The electronic circuit according to claim 52, further comprising means for 
internally generating, during configuration of said device, said configurational device- 
specific security data at least partly based on said stored secret. 

54. (New) The electronic circuit according to claim 53, wherein said means for 
internally generating said configurational device-specific security data comprises 
means for generating a private key at least partly based on said stored secret, and 
said trigger data is generated as a cryptographic representation of said private key 
during configuration of said device. 

55. (New) The electronic circuit according to claim 47, further comprising means for 
making, during configuration of said device, said device-specific security data 
available over an external circuit interface provided that a predetermined device 
access code is entered into the electronic circuit. 

56. (New) The electronic circuit according to claim 47, further comprising means for 
disabling internal access to at least one of said stored secret and said device-specific 
security data unless a predetermined device access code is entered into the electronic 
circuit. 

57. (New) The electronic circuit according to claim 55, further comprising: 

means for authentication of a manufacturer of said device; 
means for providing, during device manufacturing, said device 
access code to said device manufacturer in response to successful authentication. 

58. (New) The electronic circuit according to claim 47, wherein said means for 
performing a security-related operation based on said confined device-specific 
security data comprises: 

means for performing additional cryptographic processing based 
on said device-specific security data and further external input data to generate further 
security data; and 

means for performing said security-related operation in response 
to said further security data. 

59. (New) The electronic circuit according to claim 58, wherein said device-specific 
security data represents a private key, and said further external input data represents 
an encryption of said further device-specific security data by the corresponding public 
key. 

60. (New) The electronic circuit according to claim 59, wherein said further security 
data represents a symmetric content decryption key issued by a content provider, and 
said device-specific security data represents a private key of a device manufacturer. 

61. (New) The electronic circuit according to claim 47, wherein said means for 
performing cryptographic processing to generate device-specific security data is 
configured for generating a symmetric cryptographic key in response to a seed applied 
over an external circuit interface. 

62. (New) The electronic circuit according to claim 47, wherein said means for 
performing cryptographic processing to generate device-specific security data is 
configured for generating a private key at least partly based on said stored secret, and 
said means for performing a security-related operation comprises means for 
performing asymmetric cryptography operations based on said internally confined 
private key. 

63. (New) The electronic circuit according to claim 62, further comprising means for 
generating a public key corresponding to said private key during configuration of said 
device, and means for outputting said public key over an external circuit interface. 

64. (New) The electronic circuit according to claim 62, further comprising: 

means for performing shared key generation to generate a new 
shared key based on said generated private key and a public key of an intended 
communication partner; and 

means for performing cryptographic processing based on said 
new shared key. 

65. (New) The electronic circuit according to claim 47, wherein said means for 
cryptographic processing is operable for generating said device-specific security data 
as a chain of $k$ bind keys $B_1, \ldots, B_k$ in response to corresponding bind identities 
$R_1, \ldots, R_k$ according to the following formula: 

$$B_i = f(B_{i-1}, R_i) \quad \text{for } i = 1, \ldots, k,$$

where $B_0$ represents the stored secret, and $f$ is a cryptographic one-way function. 

66. (New) A device implemented with a tamper-resistant electronic circuit, said 
electronic circuit comprising: 

means for tamper-resistantly storing a secret not accessible over 
an external circuit interface; 

means for performing cryptographic processing at least partly in 
response to said stored secret to generate an instance of device-specific security data 
internally confined within said electronic circuit during usage of said device; and 

means for performing a security-related operation in response to 
said internally confined device-specific security data. 

67. (New) The device according to claim 66, wherein said device is a network 
device and said operation is related to at least one of data confidentiality, data 
integrity, authentication, authorization and non-repudiation in network communication. 

68. (New) The device according to claim 66, wherein said device is configured for 
producing digital content and said security-related operation is configured for marking 
said digital content based on said device-specific security data. 

69. (New) The device according to claim 66, wherein said means for performing 
cryptographic processing is configured for generating said device-specific security 
data provided that additional input data in the form of predetermined trigger data is 
applied over an external circuit interface of the electronic circuit during usage of said 
device, wherein said trigger data is defined during configuration of said device. 

70. (New) A method for management of security data for a device, said method 
comprising the steps of: 

storing, in a controlled environment during manufacturing of a 
tamper-resistant electronic circuit, a secret randomized number in said electronic circuit 
such that the secret number is not available outside of said electronic circuit; 

implementing, during circuit manufacturing, functionality into said 
electronic circuit for performing cryptographic processing at least partly based on said 
stored secret number to generate device-specific security data internally confined 
within said electronic circuit during usage of the device; 

implementing, during circuit manufacturing, a security-related 
operation into said electronic circuit, said security-related operation being configured 
for receiving at least said internally confined device-specific security data as input 
during usage of the device; and 

installing, during device manufacturing, said electronic circuit into 
said device. 



950225 



SMEETS ET AL. 

New U.S. Patent Application 

Atty. No.: 2380-889 

71. (New) The method according to claim 70, wherein said device is a network 
device and said operation is related to at least one of data confidentiality, data 
integrity, authentication, authorization and non-repudiation in network communication. 

72. (New) The method according to claim 70, wherein said device is configured for 
producing digital content and said security-related operation is configured for marking 
said digital content based on said device-specific security data. 

73. (New) The method according to claim 70, further comprising the step of 
providing, during configuration of the device, trigger data to be applied later during 
usage of the device in order to be able to generate said device-specific security data 
within said electronic circuit. 

74. (New) The method according to claim 73, further comprising the steps of: 

entering, in a controlled environment during device configuration, 
said trigger data as input data into said electronic circuit in order to obtain device- 
specific security data from the cryptographic functionality of the electronic circuit; 

recording, in a controlled environment during device configuration, 
said device-specific security data and said input data; and 

entering, in a controlled environment during device configuration, a 
predetermined device access code into the electronic circuit for accessing the device- 
specific security data over an external circuit interface. 

75. (New) The method according to claim 73, further comprising the steps of: 

generating, in a controlled environment during device 
configuration, device-specific security data; 

entering, in a controlled environment during device configuration, 
said generated device-specific security data into said electronic circuit in order to 
obtain said trigger data as a result representation from the cryptographic functionality 
of the electronic circuit; and 

recording, in a controlled environment during device configuration, 
said result representation and the previously generated device-specific security data. 
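
Added example (not part of the application text): the bind-key chain of claim 65, B_i = f(B_{i-1}, R_i), worked through in Python. HMAC-SHA256 as the one-way function f, the Circuit class, the MAC operation and all sample values are assumptions made for illustration; the claim only requires a cryptographic one-way function.

```python
import hashlib
import hmac

def f(prev_key: bytes, bind_identity: bytes) -> bytes:
    """One chain step B_i = f(B_{i-1}, R_i). HMAC-SHA256 is an assumed choice
    of f; the claim only requires a cryptographic one-way function."""
    return hmac.new(prev_key, bind_identity, hashlib.sha256).digest()

def bind_key_chain(start_key: bytes, identities) -> list:
    """Return [B_1, ..., B_k] derived from start_key for [R_1, ..., R_k]."""
    chain, key = [], start_key
    for r in identities:
        key = f(key, r)
        chain.append(key)
    return chain

class Circuit:
    """Toy model of the circuit: B_0 and the bind keys stay inside the object;
    callers only ever receive the result of the security-related operation."""

    def __init__(self, stored_secret: bytes):
        self.__b0 = stored_secret  # B_0, never returned by any method

    def mac(self, identities, message: bytes) -> bytes:
        """Security-related operation keyed with B_k (here: a message MAC)."""
        if not identities:
            raise ValueError("at least one bind identity R_1 is required")
        b_k = bind_key_chain(self.__b0, identities)[-1]
        return hmac.new(b_k, message, hashlib.sha256).digest()

# Constructed sample values, not taken from the application.
B0 = hashlib.sha256(b"constructed stored secret").digest()
IDS = [b"R1:manufacturer", b"R2:operator", b"R3:service"]

if __name__ == "__main__":
    chain = bind_key_chain(B0, IDS)
    for i, key in enumerate(chain, start=1):
        print(f"B{i} = {key.hex()}")
    # A holder of B_1 can continue the chain from R_2 onward without B_0,
    # but cannot step backwards to B_0 because f is one-way.
    print(bind_key_chain(chain[0], IDS[1:]) == chain[1:])
    print(Circuit(B0).mac(IDS, b"hello").hex())
```

Because each B_i depends on every identity before it, changing any R_j changes B_j and all later keys in the chain.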